RSS   Vulnerabilities for 'CMS'   RSS

2008-06-25
 
CVE-2008-2843

CWE-89
 

 
Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.

 
 
CVE-2008-2842

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top